Container Registry

Overview

OKD can utilize any server implementing the Docker registry API as a
source of images, including the Docker Hub, private registries run by
third parties, and the integrated OKD registry.

Integrated OpenShift Container Registry

OKD provides an integrated container registry called OpenShift
Container Registry (OCR) that adds the ability to automatically provision new image repositories on
demand. This provides users with a built-in location for their application builds to push the
resulting images.

Whenever a new image is pushed to OCR, the registry notifies OKD
about the new image, passing along all the information about it, such as the
namespace, name, and image metadata. Different pieces of OKD react
to new images, creating new
builds and
deployments.

Third Party Registries

OKD can create containers using images from third party registries,
but it is unlikely that these registries offer the same image notification
support as the integrated OKD registry. In this situation
OKD will fetch tags from the remote registry upon imagestream
creation. Refreshing the fetched tags is as simple as running oc import-image
<stream>. When new images are detected, the previously-described build and
deployment reactions occur.

Authentication

OKD can communicate with registries to access private image repositories
using credentials supplied by the user. This allows OpenShift to push and pull
images to and from private repositories. The Authentication topic
has more information.